<?php
	include('global_config.inc');
	
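	// 'o' selects the operation. It comes straight from the query string, so
	// accept it only when it is present and a plain string; a missing value or
	// an array (o[]=x) becomes '' and falls through to the final else branch
	// without raising an undefined-index notice.
	$operation = ( isset($_GET['o']) && is_string($_GET['o']) ) ? $_GET['o'] : '';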

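	if( $operation == 'getuserinfo' ){
		// Returns the active profile (status = 0) of user p1 together with the
		// user's product and CVE subscriptions, as one JSON object. Prints
		// nothing when the user is not found or the database is unavailable.
		//
		// NOTE(review): nothing in this file authenticates the caller or ties
		// p1 to a session. Unless global_config.inc or a fronting layer does,
		// any client can read any user's e-mail address and phone number.
		// Confirm where access control is enforced.
		// NOTE(review): no Content-Type header is set in this file, so PHP's
		// configured default applies to a body that contains user-written
		// profile fields. Consider application/json once clients are confirmed
		// to tolerate it.
		$link = mysql_connect( $dbhost, $dbuser, $dbpass );
		if( !$link || !mysql_select_db( "user_repo", $link ) )
			die(false);

		// p1 is request-controlled and was previously interpolated into three
		// statements unescaped (SQL injection). Escape it once and use only the
		// escaped copy inside quoted SQL literals.
		// NOTE(review): mysql_real_escape_string() is only reliable when the
		// connection charset was set with mysql_set_charset(); that is not
		// visible here. The mysql_* extension is removed in PHP 7, so the
		// durable fix is prepared statements via PDO or mysqli.
		$username = ( isset($_GET['p1']) && is_string($_GET['p1']) ) ? $_GET['p1'] : '';
		$username_sql = mysql_real_escape_string( $username, $link );

		$query = "SELECT username, notification_email, notification_sms, notification_twitter, email, tel, twitter FROM user_profile ";
		$query .= "WHERE username = '$username_sql' AND status = 0";
		$buffer = mysql_query( $query, $link );
		// A failed query is handled like "no such user" instead of passing
		// false on to mysql_num_rows().
		if( !$buffer || mysql_num_rows($buffer) < 1 )
			die(false);
		$result = mysql_fetch_assoc($buffer);

		// Start from null so a user without subscriptions still serialises as
		// "product": null / "cve": null (the previous output) without reading
		// an undefined variable.
		$product = null;
		$buffer2 = mysql_query( "SELECT product FROM user_product WHERE username = '$username_sql'", $link );
		if( $buffer2 ){
			while( $r = mysql_fetch_assoc($buffer2) ){
				$product[] = $r['product'];
			}
		}

		$cve = null;
		$buffer3 = mysql_query( "SELECT cvename FROM user_cve WHERE username = '$username_sql'", $link );
		if( $buffer3 ){
			while( $r = mysql_fetch_assoc($buffer3) ){
				$cve[] = $r['cvename'];
			}
		}

		$result['product'] = $product;
		$result['cve'] = $cve;

		echo json_encode($result);

	}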

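	else if( $operation == 'setuserinfo' ){
		// Creates or updates the profile described by the JSON document in p1,
		// then replaces the user's product and CVE subscription lists.
		// Prints "1" on success, or a short "error ..." message on failure.
		//
		// NOTE(review): nothing in this file authenticates the caller, and the
		// write is driven by a GET request. Unless global_config.inc or a
		// fronting layer enforces access control, any client can overwrite any
		// user's contact details, and the payload ends up in URL logs. Confirm
		// where this is enforced and consider POST plus a CSRF token.
		$link = mysql_connect( $dbhost, $dbuser, $dbpass );
		if( !$link || !mysql_select_db( "user_repo", $link ) )
			die("error connect database.");

		$str = ( isset($_GET['p1']) && is_string($_GET['p1']) ) ? $_GET['p1'] : '';
		// Turns \" back into " before decoding (presumably undoing
		// magic_quotes_gpc; confirm).
		$str = preg_replace( '/\\\"/', '"', $str );
		$info = json_decode($str, true);

		// Reject anything that is not a JSON object carrying a usable username
		// instead of running the statements below with an empty key.
		if( !is_array($info) || !isset($info['username']) || !is_scalar($info['username']) || (string)$info['username'] === '' )
			die("error invalid input.");

		// Every field below is request-controlled and was previously
		// concatenated into SQL unescaped (SQL injection). Normalise each one
		// to a string and escape it once; only $safe[] values are placed inside
		// quoted SQL literals.
		// NOTE(review): mysql_real_escape_string() is only reliable when the
		// connection charset was set with mysql_set_charset(); that is not
		// visible here. The mysql_* extension is removed in PHP 7, so the
		// durable fix is prepared statements via PDO or mysqli.
		$safe = array();
		foreach( array('username', 'notification_email', 'notification_sms', 'notification_twitter', 'email', 'tel', 'twitter') as $field ){
			$value = ( isset($info[$field]) && is_scalar($info[$field]) ) ? (string)$info[$field] : '';
			$safe[$field] = mysql_real_escape_string( $value, $link );
		}

		$query0 = "SELECT username FROM user_profile WHERE username = '".$safe['username']."'";
		$buffer = mysql_query( $query0, $link );
		if( !$buffer )
			die("error select profile.");

		if( mysql_num_rows($buffer) == 0 ){
			$query = "INSERT INTO user_profile ";
			$query .= "(username, notification_email, notification_sms, notification_twitter, email, tel, twitter, register_date) VALUE ";
			$query .= "('".$safe['username']."', '".$safe['notification_email']."', '".$safe['notification_sms']."', '";
			$query .= $safe['notification_twitter']."', '".$safe['email']."', '".$safe['tel']."', '".$safe['twitter']."', DATE(NOW()))";

			mysql_query( $query, $link ) or die("error insert profile.");
		}
		else{
			// The lookup above does not filter on status, but this UPDATE does:
			// a row with status != 0 is left unchanged without an error.
			$query = "UPDATE user_profile SET notification_email = '".$safe['notification_email']."', ";
			$query .= "notification_sms = '".$safe['notification_sms']."', ";
			$query .= "notification_twitter = '".$safe['notification_twitter']."', ";
			$query .= "email = '".$safe['email']."', ";
			$query .= "tel = '".$safe['tel']."', ";
			$query .= "twitter = '".$safe['twitter']."' WHERE username = '".$safe['username']."' AND status = 0";

			mysql_query( $query, $link ) or die("error update profile.");
		}

		// Subscription lists: keep scalar entries only (nested arrays or
		// objects in the JSON are dropped), de-duplicate, then replace the
		// stored rows. A missing or non-array list clears the stored rows.
		$products = array();
		if( isset($info['product']) && is_array($info['product']) ){
			foreach( $info['product'] as $item ){
				if( is_scalar($item) )
					$products[] = (string)$item;
			}
			$products = array_unique($products);
		}

		$query2 = "DELETE FROM user_product WHERE username = '".$safe['username']."'";
		if( !mysql_query( $query2, $link ) )
			die("error delete product.");
		foreach( $products as $product ){
			$query3 = "INSERT INTO user_product( username, product ) VALUE ";
			$query3 .= "('".$safe['username']."', '".mysql_real_escape_string( $product, $link )."')";
			mysql_query( $query3, $link ) or die("error insert product.");
		}

		$cves = array();
		if( isset($info['cve']) && is_array($info['cve']) ){
			foreach( $info['cve'] as $item ){
				if( is_scalar($item) )
					$cves[] = (string)$item;
			}
			$cves = array_unique($cves);
		}

		$query4 = "DELETE FROM user_cve WHERE username = '".$safe['username']."'";
		if( !mysql_query( $query4, $link ) )
			die("error delete cve.");
		foreach( $cves as $cve ){
			$query5 = "INSERT INTO user_cve( username, cvename ) VALUE ";
			$query5 .= "('".$safe['username']."', '".mysql_real_escape_string( $cve, $link )."')";
			mysql_query( $query5, $link ) or die("error insert cve.");
		}

		echo true;

	}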

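	else if( $operation == 'getnotification' ){
		// Returns one page (10 rows, newest first) of the notifications stored
		// for user p1 as a JSON array; p2 is the zero-based page number.
		// Prints "null" when there are no rows or the database is unavailable.
		//
		// NOTE(review): nothing in this file authenticates the caller or ties
		// p1 to a session. Unless global_config.inc or a fronting layer does,
		// any client can read any user's notifications. Confirm where access
		// control is enforced.
		$result = null;

		$link = mysql_connect( $dbhost, $dbuser, $dbpass );
		if( $link && mysql_select_db( "user_repo", $link ) ){
			// p1 was previously interpolated unescaped (SQL injection).
			// NOTE(review): mysql_real_escape_string() is only reliable when
			// the connection charset was set with mysql_set_charset(); that is
			// not visible here. The mysql_* extension is removed in PHP 7, so
			// the durable fix is prepared statements via PDO or mysqli.
			$username = ( isset($_GET['p1']) && is_string($_GET['p1']) ) ? $_GET['p1'] : '';
			$username_sql = mysql_real_escape_string( $username, $link );

			// p2 reached the LIMIT clause unquoted, where escaping does not
			// help; accept digits only and fall back to page 0. The 8-digit
			// cap keeps $page * 10 inside a 32-bit integer. The offset is now
			// computed after the default is applied, not before.
			$page = 0;
			if( isset($_GET['p2']) && is_string($_GET['p2']) && preg_match( '/^[0-9]{1,8}\z/', $_GET['p2'] ) )
				$page = (int)$_GET['p2'];
			$first = $page * 10;

			$query = "SELECT * FROM notification WHERE username = '$username_sql' ";
			$query .= "ORDER BY date DESC ";
			$query .= "LIMIT $first, 10";

			$buffer = mysql_query( $query, $link );
			// A failed query leaves $result null instead of passing false on
			// to mysql_num_rows().
			if( $buffer ){
				while( $r = mysql_fetch_assoc($buffer) ){
					$result[] = $r;
				}
			}
		}
		echo json_encode($result);

	}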

	else{
		// Any other operation: fetch $base_path$local1 with the caller's raw
		// query string appended, and relay the response body unchanged.
		// NOTE(review): $base_path and $local1 are not defined in this file;
		// presumably they come from global_config.inc. Confirm that neither
		// can be influenced by the request, since the query string is
		// forwarded verbatim and the upstream body is echoed as-is.
		$query = null;
		$url1 = "$base_path$local1";
		if( !empty($_SERVER['QUERY_STRING']) ){
			$query = $_SERVER['QUERY_STRING'];
			$url1 = "$base_path$local1?$query";
		}

		echo file_get_contents($url1);
	}

?>